https://warpcast.com/~/channel/walletbeat

polymutex
@polymutex.eth
Possibly-controversial change: Should servers running in enclaves be treated as privacy-preserving? https://github.com/walletbeat/walletbeat/commit/294dde48a808c93b1c619171a226ffd40ac908f8

polymutex
@polymutex.eth
Assuming:
- The server-side code is source-available
- The server-side code is built reproducibly
- The client actually checks that the server is in an enclave
- The client actually checks that the server runs the code it claims
- The server code doesn't log anything

... Is such a server privacy-preserving?

polymutex
@polymutex.eth
Context is wallets using Ethereum RPC endpoints such as 1RPC.io, which runs Ethereum nodes inside secure enclaves.

The current implementation is to let such servers be considered privacy-preserving for the purpose of determining:
- Whether they allow a third-party to correlate a user's wallet address with their IP address (other forms of PII still no bueno)
- Whether they allow a third-party to correlate a user's multiple wallet addresses with each other

While non-ideal, as there have been many documented exploits to exfiltrate data out of enclaves, it still feels like it could be a meaningful privacy upgrade for wallet users over the industry standard of basically no metadata privacy at all.

And once solutions to decouple HTTP request payloads from their origin (i.e. mixnets, Oblivious HTTP, etc) are more widespread and usable from browser extension wallets, the criterion can be raised to no longer allow secure enclaves as a stopgap privacy mitigation.

Thoughts?

xh3b4sd ↑
@xh3b4sd.eth
I guess you can argue that the server is more privacy preserving. What I would be asking though, is whether the connection between client and server is verifiably encrypted. How can we ensure that no middlemen tampered with the data in transit? So verifiable end-to-end encryption might be as important as secure enclaves. And then we should also make sure that encryption happens inside the enclave, so that it doesn't just stop slightly before that interface.